· intuitem · News · 3 min read
What's New in CISO Assistant — Week 16, 2026 (v3.15.8 – v3.15.9)
Container hardening, Cyfun 2025 scoring and export, richer import/export across TPRM, findings and risk assessments, DORA subcontracting chains, and a wave of UX polish.
Two releases this week focus on hardening the platform, extending import/export coverage, and refining day-to-day workflows.
Container Hardening
Hardened container images (v3.15.8) — A long-running initiative lands: CISO Assistant containers have been hardened across the board. The enterprise edition was then realigned on top of the community edition so both editions share the same hardening baseline (v3.15.9).
Cyfun 2025
- Average-of-averages scoring logic (v3.15.8) — A revised scoring approach to match Cyfun 2025 expectations, so scores computed in CISO Assistant match what the framework actually specifies.
- Cyfun audit export (v3.15.9) — Audits can now be exported directly in Cyfun format.
Import / Export
A broad round of import/export work across several modules:
- TPRM exports (v3.15.8) — Third-party risk management data can now be exported for reporting and archival.
- DORA — subcontracting chains in ROI exports (v3.15.8) — The Register of Information export now correctly handles multi-level subcontracting chains.
- Sanitized finding export for round-trip (v3.15.9) — Finding exports are cleaned up so they can be re-imported without churn.
- Risk assessment import/export update (v3.15.9) — Refreshed format and handling for risk assessment data.
- CSV export — applied control “impact” attribute (v3.15.8) — Fixes a regression where the impact field was missing or incorrect in CSV exports.
Task Email Templates
Richer task notifications (v3.15.9) — Task emails now include direct links and a detailed task list, so recipients can jump straight into the work without hunting through the UI.
EBIOS RM & Risk
- Navigate back to parent study (v3.15.9) — A new button in the strategic scenario detail view takes you back to the parent EBIOS study.
- Vulnerabilities linked to follow-ups (v3.15.9) — The data wizard now relates vulnerabilities to the follow-ups they generate.
- Exception model — link attribute (v3.15.9) — Exceptions can now carry a link, useful for referencing the approving ticket, document, or decision record.
- CRQ Studies — Executive Summary fix (v3.15.8) — Fixes an error retrieving authors’ emails that prevented the Executive Summary from loading.
UX Improvements
- Asset graph — sorted domains and multi-level filtering (v3.15.9) — Domains in the asset graph are now sorted, and multi-level domain filtering behaves correctly.
- Restored sidebar entries (v3.15.9) — Presets and the tasks review entries are back in the sidebar after a regression.
- autocompleteSelect — match instead of partial text (v3.15.8) — Selecting an existing item now actually selects it, rather than leaving partial text behind. Thanks to @tchoumi313 for this fix.
- Matrix browser error fix (v3.15.8) — Prevents a browser-side error on certain matrix configurations.
CLI
--nameflag for assessments (v3.15.9) — Name assessments directly from the CLI.
Internationalisation
- French
currencyHelpTexttypo fix (v3.15.9) — Small but welcome polish.
Dependencies
- pytest 9.0.2 → 9.0.3 (v3.15.8) — Rolled out across the backend, enterprise backend, and dispatcher.
For full details, check out the v3.15.8 and v3.15.9 release notes on GitHub.
